POSITIVE HACK DAYS

Hands-on Lab

Download the full program in PDF.

Videos of reports and hands-on-labs (Russian and English).

Advanced Web 2.0 Security

Author: Andres Riancho

This workshop will cover a set of vulnerabilities and attacks that are not usually included in other Web security training courses; the topics have been discovered recently compared with vulnerabilities such as SQL injection. Most topics are related to new technologies such as HTML5, new programming languages (Ruby) and paradigms ("the cloud"). Some of the topics we'll cover are:

  • ClickJacking;
  • Session Puzzling;
  • HTTP Parameter Pollution;
  • Bizarre XSS injection points in HTML5;
  • Understanding and exploiting localStorage;
  • HTML5 and DOM based XSS and redirects;
  • CSRF and leveraging CORS to bypass the SOP;
  • Understanding and exploiting WebSQL - Client side SQL injection.

Language: English

CV

Andrés Riancho is an information security researcher who currently leads three closely related efforts: the development of NeXpose's Web application security scanner, the community-driven and Open Source w3af project and a team of skilled Web application penetration testers that work at Bonsai.
In the research field, he discovered critical vulnerabilities in IPS appliances from 3Com and ISS, and contributed to SAP research performed at his former employer.
His main focus has always been in the Web Application Security field, in which he developed w3af, a Web Application Attack and Audit Framework used extensively by penetration testers and security consultants. Andrés has spoken and held training at many security conferences around the globe, like SecTor (Toronto), OWASP (Poland), CONFidence (Poland), OWASP World C0n (USA), CanSecWest (Canada), T2 (Finland) and ekoparty (Buenos Aires).
Andrés founded Bonsai in 2009 in order to further research into automated Web Application Vulnerability detection and exploitation.
Web Application Security, Python, IPS device evasion, Networking, Information security research in general, Software development, Agile, Scrum, Product Owner.

DIY SAP security

Author: Alexey Yudin

This workshop will enable the attendees to learn how to perform a security assessment of SAP R/3 and NetWeaver systems (including application servers and infrastructure) using publicly available tools. The following topics will be considered:

  • search for and identification of SAP services;
  • brute-forcing SAP clients;
  • peculiarities of working with SAP GUI Scripting;
  • brute-forcing via SAP GUI and SAP RFC;
  • obtaining access to critical tables;
  • using password hashes for brute-forcing;
  • using system transactions to access the operating system;
  • retrieving data from another client;
  • data interception over the network and plaintext password recovery;
  • possible abuse of privileges by administrators and ways to prevent it.

Language: Russian

CV

Alexey Yudin is the Head of the Business Applications and Database Security Department of Positive Technologies. He graduated from the Moscow State Forest University (specializing in Applied Mathematics) in 2003. From 2002 to 2005 he held the position of engineer (Head of Sector) at the Research Institute of Precision Instruments. He was an analyst at Informzaschita in 2005–2006.
Alexey Yudin’s main area of activity is database and business application security; he takes part in large-scale auditing and penetration testing, as well as in engineering and implementing security systems.

Win32/Georbot. Understanding a malware and automating its analysis

Author: Pierre-Marc Bureau

The Win32/Georbot malware family has been in development for at least 18 months. With hundreds of different variants seen in the wild, it is surprising that this threat has not attracted more attention from the security industry. It appears that this malware is only installed on targeted computers, most likely delivered by a web-based exploit. The malware is suspected to be used by individuals to steal sensitive information from infected computers. This workshop will show how the following functionalities were implemented:

  • Document stealing
  • Camera snapshots
  • Audio capture from an attached microphone
  • Network scan
  • Denial of service attack

The authors of this malware decided to obfuscate the code themselves in an effort to evade antivirus detection. The workshop will explain how the obfuscation is implemented and how it can be defeated statically with IDAPython scripts:

  • Control flow obfuscation
  • String obfuscation
  • API call obfuscation through hashing

Finally, it will be shown how the bot communicates with its command and control server over HTTP, as well as how to set up an alternate command and control server in a laboratory, issue commands to the bot and receive its responses.

Language: English

CV

Pierre-Marc Bureau is a researcher and information security specialist. He has presented at the following conferences:

  • Hack.lu (keynote)
  • Recon
  • Virus Bulletin
  • Hacktivity
  • Segurinfo
  • Microsoft Doing Blue
  • Infosec Paris

Resides in Montréal, Québec.

Breaking havoc using a Human Interface Device

Author: Nikhil Mittal

This Hands-on Lab will focus on a highly dangerous and yet widely neglected computer security issue: the vulnerability of Human Interface Devices (HIDs). Using a programmable HID, the Teensy, the speaker will demonstrate how easy it is to compromise a system by exploiting the inherent trust that modern operating systems place in HIDs. The case for using the Teensy as a keyboard will also be covered.
Kautilya, a toolkit developed by the speaker, will be demonstrated to show that no programming is required to use the device. Kautilya contains easy-to-use and highly customizable payloads which aim to make the work of a penetration tester easier.
The session will include many live demos.

Language: English

CV

Nikhil Mittal is a hacker, information security researcher and enthusiast. His areas of interest include penetration testing, attack research, defence strategies and post-exploitation research. In his current position he has over 3 years’ experience in penetration testing for many Indian government organizations and other global corporations.
Nikhil Mittal specializes in assessing security risks in hardened environments which require novel attack vectors and an "out of the box" approach. He is the developer of Kautilya, a toolkit which makes it easy to use the Teensy in penetration tests. In his free time, Nikhil likes to scan the full IP ranges of countries for specific vulnerabilities, write some silly Metasploit scripts and do some vulnerability research.
Nikhil Mittal has spoken at Clubhack’10, Hackfest’11, Clubhack’11, Black Hat Abu Dhabi’11, Troopers’12 and Black Hat Europe’12.

Practicalities of Mobile Security

Author: Sergey Nevstruev

Language: Russian

CV

VP Mobile Solutions, Kaspersky Lab

Security without antivirus software

Author: Boris Ryutin

The participants of this four-hour master class will gain basic knowledge of detecting Trojans in the operating system, learn the most recent Trojan development techniques for Windows (SpyEye, Carberp, Duqu), consider Trojans for Android and get acquainted with current exploits (PDF, Java).

Language: Russian

CV

Boris Ryutin graduated from Rocket and Aerospace Equipment Department of the Baltic State Technical University "Voenmeh" named after D.F. Ustinov (specialized in Flight Dynamics and Aircraft Movement Control) in 2009. He worked as an engineer in the federal Machine-Building Design Bureau. Currently he is a malware analyst at Esage Lab.

Web application attacks. The basics

Author: Vladimir Lepikhin

The mechanisms of attacks on web applications, and the techniques and tools used by attackers (specialized scanners, security utilities, and the use of their results during manual analysis), will be presented in a systematic form.
Practical examples will clearly demonstrate the major weaknesses of web applications that make attacks possible, illustrated by the shortcomings of the protection measures in use and methods to bypass them.
Simple and well-known vulnerabilities will be considered, as well as more complex and interesting cases.
In addition to attacks on web applications, possible ways of using vulnerable web applications in attacks on other systems will be reviewed.

Language: Russian

CV

Vladimir Lepikhin has been working since 1999 at the Informzaschita Centre, where he heads the Network Security area. He participated in the development of many of the proprietary courses of the Informzaschita Training Center. He specializes in network attack detection and security analysis. For a long time he delivered and adapted the authorized courses of Internet Security Systems, until recently the industry leader in attack detection and security analysis. He now continues to train on the same product line, but "under the wing" of IBM. He actively participates in the development of authorized training on Positive Technologies products and regularly takes part in information security conferences and forums.

CEH. Ethical hacking and penetration testing

Author: Sergey Pavlovich Klevoghin

Participants in the workshop will get to know typical vulnerabilities of network protocols, operating systems and applications. During the master class the instructor will describe the sequence of different types of attacks on computer systems and networks, and make recommendations for strengthening their security. Students will be immersed in a practical environment, where they will see how systems are actually compromised so that they can anticipate the possible actions of an attacker and successfully resist them.

Language: Russian

CV

Sergei Pavlovich Klevogin is a unique specialist in computer network security. He was the first in Russia to obtain the status of Certified Ethical Hacker (CEH).
He is a Microsoft-certified engineer in the field of security, an SCP-certified security professional, and an instructor in the information encryption products of the company "Crypto".
Sergei Pavlovich Klevogin worked as a programmer at the Ministry of Defence of the Russian Federation, as an information security specialist at the Central Bank of Russia, and as head of information technology administration in a commercial bank. He taught at the Moscow Institute of Economics and Statistics and cooperates with the training centre "Specialist". His experience is valuable in reflecting both the professional development of products and IT principles, as well as an understanding of how business processes integrate with information technology.

Securing Android applications

Author: Manish Chasta

The talk will brief the audience on techniques to discover and mitigate vulnerabilities in Android mobile applications. Techniques to discover vulnerabilities will include reverse engineering, memory analysis and HTTP traffic/response analysis. In addition, the presentation will cover Android rooting, SQLite database analysis, ADB and threats related to mobile back-end servers. The audience will also learn about the proposed OWASP Top 10 for mobile applications.

Language: English

CV

Principal Consultant (Information Security) with 6 years of experience, focused primarily on mobile application security and web application security. He has handled pre-sales activities for various clients, and has managed and executed multiple application security and security assessment projects in domains including banking, insurance, trading, e-commerce, finance, CRM and healthcare. He has delivered training in application security and ethical hacking.

Computer incident investigation

Author: Sergey Sergeevich Lozhkhin

This workshop is devoted to the investigation of incidents of unauthorized access to Internet resources. The speaker will introduce the audience to the psychological portrait of the modern hacker and discuss the types of attackers. He will walk through the process of working an incident, from detecting traces of malicious activity and responding to reports of a break-in to identifying the attacker in cooperation with law enforcement. In addition, the audience can expect fascinating stories about real security incidents.

Language: Russian

CV

Sergey Lozhkin is a specialist with the training centre "Echelon".

Wireless network security. How your network was hacked and how it could have been avoided

Author: Dmitry Ryzhavsky

These days, manufacturers of enterprise-class Wi-Fi equipment provide their clients with a wide range of protection functions against attacks and intrusions. To use these tools effectively, it is not enough for an administrator to read the documentation. One needs to know the adversary: each protection mechanism is a way of detecting or preventing a specific attack from the arsenal of any trained attacker. The purpose of this session is to give students the opportunity to look at WLAN protection from the viewpoint of the attacker as well as that of the system administrator. The most relevant methods of obtaining unauthorized access to Wi-Fi networks will be considered, and the mechanisms offered by the Cisco Unified Wireless Network integrated solution to protect against the described attacks will be described and demonstrated. This will allow students to make an informed decision about which set of security features they need.

Language: Russian

CV

Dmitry Ryzhavsky lives in Moscow, Russia and is a Cisco Associate Systems Engineer. He studied in the Cisco Networking Academy Program at the Moscow Cisco Systems Training Center. Certifications: Cisco Certified Design Professional (CCDP), Cisco Certified Design Associate (CCDA), Cisco Certified Network Associate (CCNA), and Cisco Certified Internetwork Expert (CCIE) in Security and in Routing and Switching.

Internet competitive intelligence

Author: Andrey Masalovich

Using practical examples, participants in the workshop will acquire the skills of applying analytical techniques to real competitive intelligence problems, including methods for rapidly detecting leaks of confidential information, quick detection of open sections on servers, methods of accessing FTP servers without breaking their protection, password leak detection methods, methods of accessing confidential documents by bypassing DLP, and means of reaching sections hidden behind 403 error messages. The techniques are demonstrated on the portals of companies that are assuredly well protected (such as the leaders of the IT and information security markets, large state organisations, intelligence agencies, etc.).

Language: Russian

CV

Andrew I. Masalovich has a Ph.D. in Physics and Mathematics, is a member of the Board of Directors of "DialogueScience", and heads the Competitive Intelligence sector of the Academy of Information Systems. He has supervised a number of successful projects in analytical systems for banks, financial-industrial groups, major retail chains and government organizations. In the past he was a FAPSI Colonel, Commander of the Order "Star of the Glory of the Fatherland", and winner of the "Outstanding Scientist of Russia" scholarship (1993). He is the author of numerous publications on the problems of data search and analysis, and has conducted seminars at several universities in Russia (Academy of National Economy, Moscow State University, MAI) and in the USA (Harvard, Stanford University, Georgia Institute of Technology, Texas A&M University).
He is an expert for RFBR, INTAS, ITC UN and APEC.